Sliver C2 Implant Analysis
8 min readJan 12, 2023
Sliver C2 Implant Analysis
Intro
In this short blog, I will analyse a sample of Sliver that I was able to identify while scanning my adversaries’ infrastructure. I will start with a static analysis with PEStudio, a dynamic analysis with ProcMon and Wireshark. I will perform some basic reverse engineering with IDA and finally analyse the Threat Actor infrastructure.
Basic information about the malware
File information
PE32+ executable (GUI) x86–64 (stripped to external PDB), for MS Windows
File size 15.53 MB (16283648 bytes)
Hashes/IoC
- MD5: 54129cad2a0de88cd94440e7663fdffb
- SHA-1: 194c402c0d3bb285cc32eb4a6f23519081c8815e
- SHA-256: 44e38bf97ce3f5cc22886a54e1e7144e2c6fbdb9515b9a8f26f025ce3eac56e4